0
0

Change mentions of blocked users to not be processed (#19725)

Fixes #19698
This commit is contained in:
Claire 2022-11-04 13:19:12 +01:00 committed by GitHub
parent 20aa8881dc
commit 4fb0aae636
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 87 additions and 49 deletions

View File

@ -66,6 +66,16 @@ class ProcessMentionsService < BaseService
end end
def assign_mentions! def assign_mentions!
# Make sure we never mention blocked accounts
unless @current_mentions.empty?
mentioned_domains = @current_mentions.map { |m| m.account.domain }.compact.uniq
blocked_domains = Set.new(mentioned_domains.empty? ? [] : AccountDomainBlock.where(account_id: @status.account_id, domain: mentioned_domains))
mentioned_account_ids = @current_mentions.map(&:account_id)
blocked_account_ids = Set.new(@status.account.block_relationships.where(target_account_id: mentioned_account_ids).pluck(:target_account_id))
@current_mentions.select! { |mention| !(blocked_account_ids.include?(mention.account_id) || blocked_domains.include?(mention.account.domain)) }
end
@current_mentions.each do |mention| @current_mentions.each do |mention|
mention.save if mention.new_record? mention.save if mention.new_record?
end end

View File

@ -1,63 +1,91 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe ProcessMentionsService, type: :service do RSpec.describe ProcessMentionsService, type: :service do
let(:account) { Fabricate(:account, username: 'alice') } let(:account) { Fabricate(:account, username: 'alice') }
let(:visibility) { :public }
let(:status) { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}", visibility: visibility) }
subject { ProcessMentionsService.new } subject { ProcessMentionsService.new }
context 'ActivityPub' do context 'when mentions contain blocked accounts' do
context do let(:non_blocked_account) { Fabricate(:account) }
let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') } let(:individually_blocked_account) { Fabricate(:account) }
let(:domain_blocked_account) { Fabricate(:account, domain: 'evil.com') }
before do let(:status) { Fabricate(:status, account: account, text: "Hello @#{non_blocked_account.acct} @#{individually_blocked_account.acct} @#{domain_blocked_account.acct}", visibility: :public) }
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end
context 'with an IDN domain' do
let!(:remote_user) { Fabricate(:account, username: 'sneak', protocol: :activitypub, domain: 'xn--hresiar-mxa.ch', inbox_url: 'http://example.com/inbox') }
let!(:status) { Fabricate(:status, account: account, text: "Hello @sneak@hæresiar.ch") }
before do
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end
context 'with an IDN TLD' do
let!(:remote_user) { Fabricate(:account, username: 'foo', protocol: :activitypub, domain: 'xn--y9a3aq.xn--y9a3aq', inbox_url: 'http://example.com/inbox') }
let!(:status) { Fabricate(:status, account: account, text: "Hello @foo@հայ.հայ") }
before do
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end
end
context 'Temporarily-unreachable ActivityPub user' do
let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox', last_webfingered_at: nil) }
before do before do
stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404) account.block!(individually_blocked_account)
stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:remote_user@example.com").to_return(status: 500) account.domain_blocks.create!(domain: domain_blocked_account.domain)
subject.call(status) subject.call(status)
end end
it 'creates a mention' do it 'creates a mention to the non-blocked account' do
expect(remote_user.mentions.where(status: status).count).to eq 1 expect(non_blocked_account.mentions.where(status: status).count).to eq 1
end
it 'does not create a mention to the individually blocked account' do
expect(individually_blocked_account.mentions.where(status: status).count).to eq 0
end
it 'does not create a mention to the domain-blocked account' do
expect(domain_blocked_account.mentions.where(status: status).count).to eq 0
end
end
context 'resolving a mention to a remote account' do
let(:status) { Fabricate(:status, account: account, text: "Hello @#{remote_user.acct}", visibility: :public) }
context 'ActivityPub' do
context do
let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox') }
before do
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end
context 'with an IDN domain' do
let!(:remote_user) { Fabricate(:account, username: 'sneak', protocol: :activitypub, domain: 'xn--hresiar-mxa.ch', inbox_url: 'http://example.com/inbox') }
let!(:status) { Fabricate(:status, account: account, text: "Hello @sneak@hæresiar.ch") }
before do
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end
context 'with an IDN TLD' do
let!(:remote_user) { Fabricate(:account, username: 'foo', protocol: :activitypub, domain: 'xn--y9a3aq.xn--y9a3aq', inbox_url: 'http://example.com/inbox') }
let!(:status) { Fabricate(:status, account: account, text: "Hello @foo@հայ.հայ") }
before do
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end
end
context 'Temporarily-unreachable ActivityPub user' do
let!(:remote_user) { Fabricate(:account, username: 'remote_user', protocol: :activitypub, domain: 'example.com', inbox_url: 'http://example.com/inbox', last_webfingered_at: nil) }
before do
stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404)
stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:remote_user@example.com").to_return(status: 500)
subject.call(status)
end
it 'creates a mention' do
expect(remote_user.mentions.where(status: status).count).to eq 1
end
end end
end end
end end